Consumer | Business

Applicant Token API

Applicant Tokens allow an application instance to be created prior to verification. Pre-fill verification data, such as e-mail, name and/or date of birth. Optionally lock the e-mail used for verification. You can also require your widget to possess an access token, preventing the general public from completing verification.

Example Use Cases

Most businesses using VerifyPass do not need the Applicant Token API. However, there are cases where the API is useful or required.

For example:

  • An e-commerce company automatically applies discounts to tagged Military accounts. This company utilizes the Applicant Token API to generate a token for each user, ensuring the e-mail they verify with matches their internal e-commerce company account.
  • An exclusive social network verifies the community of its members prior to finalizing their account. Since verification only occurs within the platform, they create a new token for each member, and enable Require Applicant Token within their Widget. This disables verification to those without an Applicant Token.

Parameters

All parameters are optional. You may generate an Applicant Token with no provided data.

Parameter Value Description
first_name John Prefills first_name field
last_name Smith Prefills last_name field
dob 1990-01-01 Prefills dob field
email john.smith@gmail.com Required when lock_email is true
lock_email true or false When true, prevents Applicant from editing e-mail

Create Token

curl --request POST 'https://verifypass.com/api/v2/token'
--header 'key: your-api-key'
--header 'Content-Type: application/json'
--data '{
    "first_name": "John",
    "last_name": "Smith",
    "dob": "1990-01-01",
    "email": "john.smith@gmail.com",
    "lock_email": true
}'

Response

{
    "token": "eyJpdiI6IlM1Mzk5eGFJK0JjQkkzOU50blZFRXc9PSIsInZhbHVlIjoiWWY4ZVRhQ3hwQzI2SHJ3bHVZQTM0TjFDbWs1MnFsbmJCSjFqWm9EVVlkSTVoM3BvL0MyTThiSEdnamlhNlVYRkxNSFRaWjNoMmlOYmlMRGVxWERyRHMwcWw2TUROdE0rTmpCYVhFdU5tcE9sODc1R3lCWGNIeWpsR2x4dlZrRXNtblpmd0dwd3IvVUdQNXNlaVVtaVp2cFgyZ2EzRUZvWG83T2tEUnZMNTRIeWhibFFpb2hKZXNHZHpUbkhTL2pNIiwibWFjIjoiNzk4MTQ1ZjQxNzI0NGQzNGIxMmI5ZjM1NmIwYWQwYTQxZDc4MzczMzNlMmM4MmY2ZWI5NTJiZGYwZTNjZTI0MSIsInRhZyI6IiJ9"
}

Errors

{
    "error": "Invalid API key."
}

A valid API key is required for every request. 

{
    "error": "E-mail appears to be invalid."
}

E-mail format validation occurs when lock_email is true. If lock_email is false or absent, e-mail format validation will be enforced within the verification widget. If lock_email is true, you must validate the Applicant e-mail format.

Verify the Applicant

Tokens can be used for any active Widget. Therefore, the API returns a token and not a full verification URL. To send your Applicant to the verification widget, you would simply append the token parameter to your Widget's URL. 

https://verifypass.com/auth/{your-widget-key}?token={token}

Require token for verification

If desired, you may toggle Widget→Advanced→Require Applicant Token to Yes (Disables Verification). This will disable all verification where a valid token is not present in the URL. If an Applicant should visit the widget without a token, VerifyPass will instruct the Applicant to contact your support team for assistance.

Rate Limiting

While there is no specific rate limit for API requests, VerifyPass serves requests behind the Cloudflare network for DDoS mitigation. Therefore, it is not recommended to create API tokens in batches, but instead generate tokens as-needed in real-time.

Expiry

Applicant tokens do not expire.